General
Tasks: Static (static1), URLScan (urlscan1)
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 5.39.43.50:3456, 5.39.43.50:3457
Mutex: DC_MUTEX-VKNX7Z7
Attributes:
- gencode: ip88Yvfo0Nxh
- install: false
- offline_keylogger: true
- persistence: false
Note: install and persistence are both false, so this build does not copy itself or register for autostart and will not survive a reboot on its own; offline_keylogger is true, so keystrokes are logged locally while the process runs even when no C2 session is active.
Targets
Signatures (behaviour observed in the sandbox task):
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging)
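Host sweep for the indicators in this report, as an added example that is not part of the Triage output or of the sample itself. It assumes an elevated PowerShell 5+ prompt on the suspect Windows machine. The C2 address, ports and mutex name come from the extracted config above; the registry value names DisableRegistryTools and DisableTaskMgr under HKCU\...\Policies\System, the FirewallPolicy AuthorizedApplications list, and the SharedAccess/wscsvc/MpsSvc service names are the standard Windows locations behind the signature names and are assumptions about this specific build, as is the choice of mutex namespace.

```powershell
# Added triage script (not from the report or the sample): sweep a Windows host for the
# DarkComet indicators extracted above. Run from an elevated prompt; nothing here changes
# the host unless the remediation line at the bottom is uncommented.
$C2Hosts   = @('5.39.43.50')           # from the extracted config
$C2Ports   = @(3456, 3457)             # from the extracted config
$MutexName = 'DC_MUTEX-VKNX7Z7'        # from the extracted config
$Findings  = New-Object System.Collections.Generic.List[string]

# 1. Live TCP sessions to the configured C2 host:port pairs, with the owning process.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
  Where-Object { $C2Hosts -contains $_.RemoteAddress -and $C2Ports -contains $_.RemotePort } |
  ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $Findings.Add("C2 connection to $($_.RemoteAddress):$($_.RemotePort) from PID $($_.OwningProcess) ($($proc.ProcessName))")
  }

# 2. Mutex check. The namespace (bare session-local name vs. Global\) is an assumption,
#    so both forms are tried. TryOpenExisting returns $true only if the mutex exists now.
foreach ($name in @($MutexName, "Global\$MutexName")) {
  $m = $null
  if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
    $Findings.Add("Mutex present: $name")
    $m.Dispose()
  }
}

# 3. Policy values behind "Disables RegEdit / Task Manager via registry modification"
#    (assumed standard location; a non-zero value disables the tool for this user).
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($value in 'DisableRegistryTools', 'DisableTaskMgr') {
  $v = Get-ItemProperty -Path $PolicyKey -Name $value -ErrorAction SilentlyContinue
  if ($v -and $v.$value -ne 0) { $Findings.Add("$value = $($v.$value) under $PolicyKey") }
}

# 4. "Modifies firewall policy service": dump the legacy per-application allow list under
#    SharedAccess so any path the sample authorised for itself is visible (assumed location).
$FwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$entries = Get-ItemProperty -Path $FwList -ErrorAction SilentlyContinue
if ($entries) {
  $entries.PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    ForEach-Object { $Findings.Add("Firewall authorized application: $($_.Name) = $($_.Value)") }
}

# 5. "Modifies security service": report the firewall and Security Center services if they
#    are not running or have been set to Disabled (service names are assumptions).
foreach ($svc in 'SharedAccess', 'MpsSvc', 'wscsvc') {
  $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
  if ($s -and ($s.Status -ne 'Running' -or $s.StartType -eq 'Disabled')) {
    $Findings.Add("Service $svc is $($s.Status) (StartType $($s.StartType))")
  }
}

if ($Findings.Count -eq 0) { 'No indicators from this report were found on this host.' }
else { $Findings | ForEach-Object { "[!] $_" } }

# Remediation for item 3, once the process has been killed (uncomment to apply):
# Remove-ItemProperty -Path $PolicyKey -Name DisableRegistryTools, DisableTaskMgr -ErrorAction SilentlyContinue
```

The C2 check only catches an active session; for historical contact, search proxy or NetFlow records for 5.39.43.50 on ports 3456 and 3457 instead. Because this build has install=false and persistence=false, a clean sweep after the process is gone is expected; the policy values in item 3 are the one change that would outlive the process and should be removed explicitly.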